Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'81 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'60 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Lichess' disclosed a bug submitted by b'closec4ll' 
b'Improper Authentication Throttling Allows Attacker-Controlled Account Lockouts '
13 Jun 2025 timeline
b'Bykea' disclosed a bug submitted by b'bugbountywithmarco' 
b'IDOR on in-app hardcoded zombie endpoint '
13 Jun 2025 timeline
b'Bykea' disclosed a bug submitted by b'bugbountywithmarco' 
b'Bypassing Bronze Partner Wallet Restriction to Accept Trips with Negative Balance'
13 Jun 2025 timeline
b'Bykea' disclosed a bug submitted by b'grassye' 
b'Ability to increase any customer offered fare (BAC)'
13 Jun 2025 timeline
b'Bykea' disclosed a bug submitted by b'back2arie' 
b'Broken Access Control (IDOR) in Booking Detail and Bids Could Leads to Sensitive Information Disclosure'
13 Jun 2025 timeline
b'Hemi VDP' disclosed a bug submitted by b'1_ali_raza' 
b'WordPress Version Exposure via /wp-links-opml.php on hemi.xyz'
13 Jun 2025 timeline
b'Mars' disclosed a bug submitted by b'morphykutay' 
b'[XSS] Reflected XSS via POST request in ()'
12 Jun 2025 timeline
b'Rootstock Labs' disclosed a bug submitted by b'guido' 
b'Crafted smart contract can take 1.5 minutes to execute due to inefficient CODESIZE implementation'
12 Jun 2025 timeline
b'Rootstock Labs' disclosed a bug submitted by b'guido' 
b'Crafted smart contract can take ~23 seconds to execute due to immense error string construction'
12 Jun 2025 timeline
b'Bykea' disclosed a bug submitted by b'bugbountywithmarco' 
b'Lack of Feedback Validation Permits Arbitrary Driver Ratings'
12 Jun 2025 timeline
b'Lichess' disclosed a bug submitted by b'immm' 
b'Path Traversal Vulnerability in Lila Project'
09 Jun 2025 timeline
b'HackerOne' disclosed a bug submitted by b'root_geek280' 
b'IDOR Vulnerability at AddTagToAssets operation name'
08 Jun 2025 timeline
b'Lichess' disclosed a bug submitted by b'oblivionsage' 
b'ImageId Format Injection in Image Upload Endpoint'
06 Jun 2025 timeline
b'hostinger ' disclosed a bug submitted by b'aziz0x48' 
b'1 Click Account Takeover via Auth Token Theft on marketing.hostinger.com'
06 Jun 2025 timeline
b'Shopify' disclosed a bug submitted by b'bassem_sadaqah' 
b'DoS Vulnerability via Cache Poisoning on cdn.shopify.com and shopify-assets.shopifycdn.com'
04 Jun 2025 timeline
b'Insightly' disclosed a bug submitted by b'basant0x01' 
b'returnUrl= allow attacker to redirect users to the another phising website and takeover credientials'
04 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'z2_' 
b'CVE-2025-5399: WebSocket endless loop'
04 Jun 2025 timeline
b'Lichess' disclosed a bug submitted by b'oblivionsage' 
b'Server-Side Request Forgery (SSRF) via Game Export API'
03 Jun 2025 timeline
b'Mozilla' disclosed a bug submitted by b'z3phyrus' 
b'IDOR: Account Deletion via Session Misbinding Attacker Can Delete Victim Account'
03 Jun 2025 timeline
b'HackerOne' disclosed a bug submitted by b'w2w' 
b'Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information'
31 May 2025 timeline
1 ... 3 4 5 6 7 ... 733
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM